Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/d5d2b3-7c42-4785-9596-517481d0f850/1/sYFt3rrUBuJk57Y3zAGFmZOltic.roa
File:                     sYFt3rrUBuJk57Y3zAGFmZOltic.roa (raw, json)
Hash identifier:          gQqoyQHjxZ3QpmMXCuD04vnCJWZx+pARGd3BNASn0U0=
Subject key identifier:   B1:81:6D:DE:BA:D4:06:E2:64:E7:B6:37:CC:01:85:99:93:A5:B6:27
Certificate issuer:       /CN=5ff7352d47db9785f49118092de8704a67f6520d
Certificate serial:       018CC794BA6812DC566B8215B75DFE605168
Authority key identifier: 5F:F7:35:2D:47:DB:97:85:F4:91:18:09:2D:E8:70:4A:67:F6:52:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/X_c1LUfbl4X0kRgJLehwSmf2Ug0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/d5d2b3-7c42-4785-9596-517481d0f850/1/sYFt3rrUBuJk57Y3zAGFmZOltic.roa
Signing time:             Tue 02 Jan 2024 00:31:01 +0000
ROA not before:           Tue 02 Jan 2024 00:31:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43366
IP address blocks:        45.154.8.0/24 maxlen: 24
                          185.241.188.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/d5d2b3-7c42-4785-9596-517481d0f850/1/X_c1LUfbl4X0kRgJLehwSmf2Ug0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/d5d2b3-7c42-4785-9596-517481d0f850/1/X_c1LUfbl4X0kRgJLehwSmf2Ug0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/X_c1LUfbl4X0kRgJLehwSmf2Ug0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 12:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:ba:68:12:dc:56:6b:82:15:b7:5d:fe:60:51:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ff7352d47db9785f49118092de8704a67f6520d
        Validity
            Not Before: Jan  2 00:31:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b1816ddebad406e264e7b637cc01859993a5b627
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:e9:4e:24:88:5f:c7:38:b3:d1:9b:8b:a3:0c:
                    f3:da:28:98:55:35:08:0e:3e:6a:01:d7:29:99:93:
                    fa:fe:d2:12:bf:65:fa:d7:82:9b:fc:30:5e:f1:c5:
                    cb:d1:7a:56:09:aa:6e:73:a3:c9:dd:26:fa:3c:e0:
                    b4:19:70:6e:a0:f5:f7:f4:48:97:32:b8:eb:64:18:
                    35:91:8e:bb:a9:a6:06:64:02:1d:2e:35:34:f2:1d:
                    40:a6:3e:aa:65:b2:ba:bb:c5:0f:08:54:a6:c4:51:
                    ad:ae:8b:3d:06:a9:65:f0:08:77:c7:d5:9f:ff:64:
                    df:ae:f5:0d:6f:6b:87:fc:1c:73:7e:c9:4f:ce:ec:
                    3b:b2:00:ad:a8:5b:8a:d7:88:82:6a:de:f2:17:1c:
                    16:e7:ab:67:7c:bc:37:4e:67:80:6b:c9:2d:65:b4:
                    89:c6:54:53:a0:eb:0d:0f:09:70:b6:62:b2:a1:85:
                    fe:3b:de:33:ff:c5:c7:eb:8f:2f:a2:29:64:f2:0c:
                    98:bf:39:eb:97:78:56:f6:76:91:ff:04:df:aa:0d:
                    b8:4c:dd:09:4e:9f:8c:4e:99:1f:8c:d7:a6:99:3b:
                    d5:9b:0a:07:e4:50:a3:1d:3c:20:1c:c4:ee:e1:87:
                    36:e1:cd:8e:40:60:60:af:b5:b1:df:ce:72:5f:3e:
                    9f:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:81:6D:DE:BA:D4:06:E2:64:E7:B6:37:CC:01:85:99:93:A5:B6:27
            X509v3 Authority Key Identifier:
                keyid:5F:F7:35:2D:47:DB:97:85:F4:91:18:09:2D:E8:70:4A:67:F6:52:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/X_c1LUfbl4X0kRgJLehwSmf2Ug0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/d5d2b3-7c42-4785-9596-517481d0f850/1/sYFt3rrUBuJk57Y3zAGFmZOltic.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/d5d2b3-7c42-4785-9596-517481d0f850/1/X_c1LUfbl4X0kRgJLehwSmf2Ug0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.154.8.0/24
                  185.241.188.0/22

    Signature Algorithm: sha256WithRSAEncryption
         50:13:90:8d:7b:26:4a:b6:11:51:27:89:89:84:a4:9a:88:52:
         57:a4:39:19:3b:10:5c:33:92:56:d5:41:e2:3f:c9:de:59:fa:
         26:4f:dd:6c:46:db:24:a9:b0:00:b1:dd:85:70:88:e9:9a:3f:
         90:bf:2f:fe:cd:ba:0d:2d:2e:a7:89:b0:b6:93:c6:92:cc:c9:
         95:79:75:ed:af:11:ed:b6:4e:3a:b0:7d:7d:88:f0:5e:86:29:
         71:a2:d3:dc:a0:40:25:62:9a:03:94:0d:6b:17:96:7a:fb:af:
         30:dc:02:81:89:47:d6:25:cf:48:7e:b0:e3:1a:ef:dc:58:70:
         60:e9:24:a4:28:4f:6d:ef:86:96:24:76:52:3b:5c:cb:95:b5:
         f2:65:af:00:59:60:d7:9d:08:46:cf:96:22:5e:19:49:db:ab:
         fc:b2:98:40:d2:ce:f8:78:78:4f:34:bc:33:7c:b4:5e:70:59:
         10:60:97:42:97:f2:93:14:20:39:c6:92:84:6b:50:d2:dd:39:
         38:17:1b:a9:50:68:7c:12:b4:8e:83:43:48:a6:92:7c:d1:3a:
         51:72:19:66:66:ce:31:85:cb:8d:29:c3:d5:63:d4:e3:12:26:
         2a:b9:b8:0a:0a:e3:c9:86:46:59:fb:32:c5:b8:2f:b0:57:56:
         5f:e0:72:42
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzHlLpoEtxWa4IVt13+YFFoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmZjczNTJkNDdkYjk3ODVmNDkxMTgwOTJkZTg3MDRhNjdm
NjUyMGQwHhcNMjQwMTAyMDAzMTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTgxNmRkZWJhZDQwNmUyNjRlN2I2MzdjYzAxODU5OTkzYTViNjI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnelOJIhfxziz0ZuLowzz2iiYVTUI
Dj5qAdcpmZP6/tISv2X614Kb/DBe8cXL0XpWCapuc6PJ3Sb6POC0GXBuoPX39EiX
MrjrZBg1kY67qaYGZAIdLjU08h1Apj6qZbK6u8UPCFSmxFGtros9Bqll8Ah3x9Wf
/2TfrvUNb2uH/BxzfslPzuw7sgCtqFuK14iCat7yFxwW56tnfLw3TmeAa8ktZbSJ
xlRToOsNDwlwtmKyoYX+O94z/8XH648voilk8gyYvznrl3hW9naR/wTfqg24TN0J
Tp+MTpkfjNemmTvVmwoH5FCjHTwgHMTu4Yc24c2OQGBgr7Wx385yXz6f4QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLGBbd661AbiZOe2N8wBhZmTpbYnMB8GA1UdIwQY
MBaAFF/3NS1H25eF9JEYCS3ocEpn9lINMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWF9jMUxVZmJsNFgwa1JnSkxlaHdTbWYyVWcwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9kNWQyYjMtN2M0Mi00Nzg1LTk1OTYt
NTE3NDgxZDBmODUwLzEvc1lGdDNyclVCdUprNTdZM3pBR0ZtWk9sdGljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9kNWQyYjMtN2M0Mi00Nzg1LTk1OTYtNTE3NDgxZDBmODUw
LzEvWF9jMUxVZmJsNFgwa1JnSkxlaHdTbWYyVWcwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALZoIAwQC
ufG8MA0GCSqGSIb3DQEBCwUAA4IBAQBQE5CNeyZKthFRJ4mJhKSaiFJXpDkZOxBc
M5JW1UHiP8neWfomT91sRtskqbAAsd2FcIjpmj+Qvy/+zboNLS6nibC2k8aSzMmV
eXXtrxHttk46sH19iPBehilxotPcoEAlYpoDlA1rF5Z6+68w3AKBiUfWJc9IfrDj
Gu/cWHBg6SSkKE9t74aWJHZSO1zLlbXyZa8AWWDXnQhGz5YiXhlJ26v8sphA0s74
eHhPNLwzfLRecFkQYJdCl/KTFCA5xpKEa1DS3Tk4FxupUGh8ErSOg0NIppJ80TpR
chlmZs4xhcuNKcPVY9TjEiYqubgKCuPJhkZZ+zLFuC+wV1Zf4HJC
-----END CERTIFICATE-----